Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KexExchange is generally broken and needs replacement #1

Closed
eugeneia opened this issue Dec 1, 2017 · 2 comments
Closed

KexExchange is generally broken and needs replacement #1

eugeneia opened this issue Dec 1, 2017 · 2 comments
Labels
bug

Comments

@eugeneia
Copy link
Member

eugeneia commented Dec 1, 2017
edited
Loading

It would be generous to call the current key exchange protocol a proof of concept. (: It needs to be replaced with something sensible.

References:
@eugeneia eugeneia added the bug label Dec 1, 2017
@eugeneia eugeneia changed the title KexExchange does not provide forward secrecy KexExchange is generally broken and must be replaced Dec 1, 2017
@eugeneia eugeneia changed the title KexExchange is generally broken and must be replaced KexExchange is generally broken and needs replacement Dec 1, 2017
@eugeneia
Copy link
Member Author

eugeneia commented Dec 4, 2017
edited
Loading

A friendly person has suggested taking inspiration from the spiped protocol. I am wondering if we can "instantiate" the spiped protocol using algorithms recommended by libsodium (which Vita does already link), i.e. HMAC-SHA512256, ARGON2 and BLAKE2B-512(X25519(p.n)) with equal or better security properties.

I am favoring the spiped protocol’s key exchange so far because it matches Vita’s model very well, and is more concrete(?) than Noise.

@eugeneia
Copy link
Member Author

eugeneia commented Dec 4, 2017

One thing to note is that both Noise and spiped are rather TCP/stream oriented, while Vita’s key exchange is packet oriented. Have to take an extra close look at the implications thereof.

@eugeneia eugeneia mentioned this issue Jan 4, 2018
Merged
eugeneia added a commit that referenced this issue Jan 16, 2018
@eugeneia
Merge pull request #5 from eugeneia/vita-ske1-impl-g
ec8613a 
New key negotation protocol and implementation

Resolves #1 (KexExchange is generally broken and needs replacement)

Includes #4 (Route inbound packets via SPI)
@eugeneia eugeneia mentioned this issue Jun 21, 2018
Open
eugeneia pushed a commit that referenced this issue Oct 29, 2018
@lukego
Merge pull request #1 from lukego/luajit-v2.1
dcda227 
Pull LuaJIT v2.1 branch
eugeneia pushed a commit that referenced this issue Oct 29, 2018
@lukego
Merge pull request #1 from lukego/fix366
e094845 
Make test 366 pass by adding "move:" to expectation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eugeneia